[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

mjs mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:25:41 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit d25c918acc8883b6bfd97659d107ede3980adea8
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Feb 22 02:30:42 2003 +0000

            Reviewed by Dave.
    
    	- fixed 3167642 - crash in renderArena.
    
            * khtml/html/html_documentimpl.cpp:
            (HTMLDocumentImpl::close): Clear the tokenizer early to avoid
    	re-entering the onload handler - this was causing a massive
    	overload of frames which finally caused a crash.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3688 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 883ba2d..ccb64f3 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,14 @@
+2003-02-21  Maciej Stachowiak  <mjs at apple.com>
+
+        Reviewed by Dave.
+
+	- fixed 3167642 - crash in renderArena.
+
+        * khtml/html/html_documentimpl.cpp:
+        (HTMLDocumentImpl::close): Clear the tokenizer early to avoid
+	re-entering the onload handler - this was causing a massive
+	overload of frames which finally caused a crash.
+
 2003-02-21  Darin Adler  <darin at apple.com>
 
         Reviewed by Dave.
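Review bot: The new entry mixes indentation: the "- fixed 3167642" line and the two continuation lines under (HTMLDocumentImpl::close) start with a tab, while the date, "Reviewed by" and file lines use eight spaces like the Darin Adler entry below. Pick one so the entry lines up regardless of tab width. It would also help to say in the entry what re-enters the onload handler, since "massive overload of frames" does not tell a later reader which call path was closed off.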
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 883ba2d..ccb64f3 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,14 @@
+2003-02-21  Maciej Stachowiak  <mjs at apple.com>
+
+        Reviewed by Dave.
+
+	- fixed 3167642 - crash in renderArena.
+
+        * khtml/html/html_documentimpl.cpp:
+        (HTMLDocumentImpl::close): Clear the tokenizer early to avoid
+	re-entering the onload handler - this was causing a massive
+	overload of frames which finally caused a crash.
+
 2003-02-21  Darin Adler  <darin at apple.com>
 
         Reviewed by Dave.
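Review bot: This entry is the same text as the one added to ChangeLog-2003-10-25, and both files carry the same index line (883ba2d..ccb64f3), so the fix is recorded twice in identical ChangeLog copies. If only one of the two files is meant to be the record for 2003-02-21, drop the entry from the other so later searches for 3167642 land on a single place.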
diff --git a/WebCore/khtml/html/html_documentimpl.cpp b/WebCore/khtml/html/html_documentimpl.cpp
index 61f5cc8..9a9bb6d 100644
--- a/WebCore/khtml/html/html_documentimpl.cpp
+++ b/WebCore/khtml/html/html_documentimpl.cpp
@@ -331,6 +331,13 @@ void HTMLDocumentImpl::close()
 {
     // First fire the onload.
     bool doload = !parsing() && m_tokenizer;
+
+    // We must clear the tokenizer as early as possible to avoid
+    // re-entering the onload handler. This is done in the base class
+    // call, but now that we call the handler before anything else
+    // instead of last, we have to also do it manually here.
+    delete m_tokenizer;
+    m_tokenizer = 0;
     
     bool wasNotRedirecting = !view() || view()->part()->d->m_scheduledRedirection == noRedirectionScheduled;
     
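Review bot: The new `delete m_tokenizer;` at the top of close() runs unconditionally, including when `parsing()` is true and `doload` is therefore false. Before this change the only delete in this function sat in the bail-out path after the handler had run, so please confirm that close() cannot be reached from code the tokenizer itself is still executing; otherwise that caller continues on a freed object. If that case is possible, guard the early delete with `if (doload)` and leave the rest to the base class call the comment mentions. A layout test whose onload handler causes close() to be called again would pin down the re-entry this fixes.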
@@ -352,8 +359,6 @@ void HTMLDocumentImpl::close()
             // paint every fourth page.
             // Just bail out. During the onload we were shifted to another page.
             // i-Bench does this. When this happens don't bother painting or laying out.        
-            delete m_tokenizer;
-            m_tokenizer = 0;
             view()->unscheduleRelayout();
             return;
         }
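Review bot: With the delete removed from this bail-out path, `view()->unscheduleRelayout();` is now the first statement run after the onload handler has shifted the frame to another page, and it dereferences view() unchecked, while the top of the function treats `!view()` as a possible state. If the enclosing condition (not visible in this hunk) does not already test view(), add a null check before the call. The removal itself is consistent with the early delete added in the previous hunk.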

-- 
WebKit Debian packaging


